Google faces legal threats in Europe

INFURIATED:Regulators in the UK, France and Germany are among those angered by what they say is Google’s lack of response over online data protection concerns

The Guardian, LONDON

Google could face fines from six European countries’ privacy regulators, including the UK and Germany, after refusing to reverse changes to its privacy policies made in March last year.

The search company has infuriated the regulators by declining to respond to their demands made over multiple months — even as research shows that user concerns about online privacy are high.

France’s privacy body, CNIL, together with its counterparts in the UK, Netherlands, Germany, Spain and Italy, said on Tuesday they would take joint legal action involving an investigation and possible fines.

The UK’s Information Commissioner’s Office (ICO) can levy fines of up to ￡500,000 (US$754,400) for breaches of the Data Protection Act. A decision is expected by this summer. CNIL could fine it up to 300,000 euros (US$384,150).

However, even both fines added together would be less than Google generates in sales in 10 minutes. Yet the regulators could sue to block Google from operating in Europe — a move that would be highly damaging to its reputation.

Google’s rival Facebook has been forced in the past to make a number of changes to its operation to comply with Europe’s data protection laws, which are significantly tougher — but more fragmented — than those in the US.

After an earlier data protection investigation concluded in October last year, CNIL said in a statement on Tuesday that “the EU Data protection authorities asked Google to comply with their recommendations within four months.”

“After this period has expired, Google has not implemented any significant compliance measures,” the statement said.

The agencies complained of being stonewalled by Google for over a year about their concerns that its unification of more than 60 separate privacy policies last year could confuse users and leave them unsure how their data was being used.

“We put our concerns to Google [in October] and gave them a date to respond,” a spokesperson for the ICO said. “They failed to respond. We had a meeting in March and Google was present, and gave them a deadline to respond. They failed to respond. Google has failed to address the concerns or take on board the recommendations from the meeting held last month.”

A Google spokesperson said: “Our privacy policy respects European law and allows us to create simpler, more effective services. We have engaged fully with the data protection authorities involved throughout this process, and we’ll continue to do so going forward.”

Research published by the privacy pressure group Big Brother Watch in February revealed 68 percent of the British public expressed concern about their online privacy, with 22 percent of the total saying they were “very concerned.” The same research found that 71 percent felt it was right for privacy regulators to investigate the changes in Google’s privacy policy last year, and two-thirds said the regulators should do more to force Google to comply.

As the latest moves were announced on Tuesday, Nick Pickles, director of Big Brother Watch, said: “Google has repeatedly put profit ahead of user privacy and the way that the company ignored concerns from regulators around the world when it changed its privacy policy showed just how little regard it has for the law. Just because Google is a big business does not put it above the law. The company has ignored the authorities and refused to make any meaningful changes to how it collects and uses people’s data.”